CWE-416— Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.— MITRE CWE catalog
7,392 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-416page 75 of 148
- CVE-2023-29325HIGHCVSS 8.1EG 8.12023-05-09
Windows OLE Remote Code Execution Vulnerability
- CVE-2023-29328HIGHCVSS 8.8EG 8.82023-08-08
Microsoft Teams Remote Code Execution Vulnerability
- CVE-2023-2933HIGHCVSS 8.8EG 8.82023-05-30
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2023-29330HIGHCVSS 8.8EG 8.82023-08-08
Microsoft Teams Remote Code Execution Vulnerability
- CVE-2023-29336HIGHCVSS 7.8EG 9.0⚠ KEV2023-05-09
Win32k Elevation of Privilege Vulnerability
- CVE-2023-29356HIGHCVSS 7.8EG 7.82023-06-16
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
- CVE-2023-29358HIGHCVSS 7.8EG 7.82023-06-14
Windows GDI Elevation of Privilege Vulnerability
- CVE-2023-29361HIGHCVSS 7.0EG 7.02023-06-14
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
- CVE-2023-29365HIGHCVSS 7.8EG 7.82023-06-14
Windows Media Remote Code Execution Vulnerability
- CVE-2023-29536HIGHCVSS 8.8EG 8.82023-06-02
An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112,…
- CVE-2023-29543HIGHCVSS 8.8EG 8.82023-06-02
An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 11…
- CVE-2023-29824CRITICALCVSS 9.8EG 9.82023-07-06
A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue.
- CVE-2023-2985MEDIUMCVSS 5.5EG 5.52023-06-01
A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.
- CVE-2023-30186CRITICALCVSS 9.8EG 7.82023-08-14
A use after free issue discovered in ONLYOFFICE DocumentServer 4.0.3 through 7.3.2 allows remote attackers to run arbitrary code via crafted JavaScript file.
- CVE-2023-3019MEDIUMCVSS 6.0EG 6.02023-07-24
A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.
- CVE-2023-30470CRITICALCVSS 9.8EG 9.82023-05-18
A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code executio…
- CVE-2023-30549HIGHCVSS 7.1EG 7.12023-04-25
Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where…
- CVE-2023-30576MEDIUMCVSS 6.8EG 6.82023-06-07
Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.
- CVE-2023-30612MEDIUMCVSS 4.0EG 4.02023-04-19
Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process via sending malicious HTTP request through the HTTP API socket. As …
- CVE-2023-30772MEDIUMCVSS 6.4EG 6.42023-04-16
The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device.
- CVE-2023-3111HIGHCVSS 7.8EG 7.82023-06-05
A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().
- CVE-2023-31248HIGHCVSS 7.8EG 7.82023-07-05
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
- CVE-2023-3141HIGHCVSS 7.1EG 7.12023-06-09
A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
- CVE-2023-31518MEDIUMCVSS 5.5EG 5.52023-05-23
A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file.
- CVE-2023-31566HIGHCVSS 8.8EG 8.82023-05-10
Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted().
- CVE-2023-3159MEDIUMCVSS 6.7EG 6.72023-06-12
A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails.
- CVE-2023-31725MEDIUMCVSS 5.5EG 5.52023-05-17
yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.
- CVE-2023-31972MEDIUMCVSS 5.5EG 5.52023-05-09
yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
- CVE-2023-31974MEDIUMCVSS 5.5EG 5.52023-05-09
yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. Note: Multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy.
- CVE-2023-32018HIGHCVSS 7.8EG 7.82023-06-14
Windows Hello Remote Code Execution Vulnerability
- CVE-2023-32033MEDIUMCVSS 6.6EG 6.62023-07-11
Microsoft Failover Cluster Remote Code Execution Vulnerability
- CVE-2023-32038HIGHCVSS 8.8EG 8.82023-07-11
Microsoft ODBC Driver Remote Code Execution Vulnerability
- CVE-2023-32055MEDIUMCVSS 6.7EG 6.72023-07-11
Active Template Library Elevation of Privilege Vulnerability
- CVE-2023-32134HIGHCVSS 8.8EG 7.82024-05-03
Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is requi…
- CVE-2023-32135MEDIUMCVSS 6.5EG 3.32024-05-03
Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction…
- CVE-2023-3214HIGHCVSS 8.8EG 8.82023-06-13
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2023-3215HIGHCVSS 8.8EG 8.82023-06-13
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3217HIGHCVSS 8.8EG 8.82023-06-13
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-32172MEDIUMCVSS 6.5EG 6.52024-05-03
Unified Automation UaGateway OPC UA Server Use-After-Free Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation UaGateway. Authen…
- CVE-2023-32174CRITICALCVSS 9.1EG 9.12024-05-03
Unified Automation UaGateway NodeManagerOpcUa Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unified Automation UaGateway. Authenticatio…
- CVE-2023-32233HIGHCVSS 7.8EG 7.82023-05-08
In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. T…
- CVE-2023-32269MEDIUMCVSS 6.7EG 6.72023-05-05
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this…
- CVE-2023-32373HIGHCVSS 8.8EG 9.0⚠ KEV2023-06-23
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted we…
- CVE-2023-32378HIGHCVSS 7.8EG 7.82024-01-10
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges.
- CVE-2023-32381HIGHCVSS 7.8EG 7.82023-07-27
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute a…
- CVE-2023-32387CRITICALCVSS 9.8EG 9.82023-06-23
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app termination or arbitrary co…
- CVE-2023-32398HIGHCVSS 7.8EG 7.82023-06-23
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A…
- CVE-2023-32412CRITICALCVSS 9.8EG 9.82023-06-23
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A…
- CVE-2023-32433HIGHCVSS 7.8EG 7.82023-07-27
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. A…
- CVE-2023-32541HIGHCVSS 8.8EG 8.82023-09-27
A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger t…
Map vulnerabilities like CWE-416 to your infrastructure
EchelonGraph correlates every CVE — across CWE-416 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →